XCP DRM Software Detection

This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has a rootkit installed on it.

Description :

First 4 Internet's Extended Copy Protection (XCP) digital rights
management software is installed on the remote Windows host. While it
is not malicious per se, the software hides files, processes, and
registry keys / values from ordinary inspection, and several viruses
have exploited this cloaking to hide from antivirus software.

See also :

http://www.nessus.org/u?13c4c8b5
http://www.nessus.org/u?572228eb
http://www.sophos.com/pressoffice/news/articles/2005/11/stinxe.html

Solution :

On the affected host, run the command 'cmd /k sc delete $sys$aries'
from a Windows command prompt to deactivate the software, then reboot.

Risk factor :

Medium / CVSS Base Score : 6.2
(CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C)

Family: Windows

Nessus Plugin ID: 20212

Bugtraq ID:

CVE ID:
